Participate

Features

New initiative involves tightening the security of both government and public networks.

Robert Poe on April 11, 2008

Maybe it was the high-profile Estonian attacks in May 2007, in which a cyberattack crippled the government and major institutions of that Eastern European country for two weeks. Or maybe it was some incident that the public will never hear about. Either way, the U.S. government has begun a major cybersecurity push, which DHS (Department of Homeland Security) secretary Michael Chertoff described this week at RSA Conference 2008. The push includes a major boost in funding for a new cybersecurity organization operating under the DHS. And because the effort involves the security of both government and public networks, Chertoff hopes that it will see significant private-sector involvement.

Related Articles:

Chertoff offered a dramatic description of the dangers of cyberattacks. Possible attackers could range from individual hackers to organized criminal groups to nation-states to terrorist organizations. And a large-scale attack, he said, "can potentially cause the kind of damage and disruption that in past only came when we dropped bombs or set off explosives."

An assault on the financial system, for example, could cause a crisis of economic confidence, Chertoff noted, and compromising the air-traffic system could force the grounding of flights. "We're not likely to see airplanes crashing into buildings, but the threat to the cyberworld could have human and economic consequences very much on a par with what the country experienced on September 11," he said. "A cyberattack would have cascading effects across the country and world."

Presidential Order Behind Effort

Since Jan. 8, 2008, the DHS has been in charge of preventing such disasters. That's the day that President Bush signed the National Security and Homeland Security Directive. The directive, details of which remain classified, ordered the DHS to create and carry out a national cybersecurity initiative. "It would almost be like a Manhattan Project to protect cybernetworks," Chertoff said. Specifically, the DHS would lead the government's effort to protect federal domains and to "ensure the security, resiliency and reliability of the nation's information-technology and communications infrastructure," Chertoff explained.

A key move came in March 2008, when the DHS hired Silicon Valley entrepreneur Rod Beckman as the first head of a new National Cyber Security Center. The Bush administration has pumped $115 million into the center this year, according to Chertoff, and it is asking for $192 million in funding for fiscal year 2009. Chertoff said that the money will allow for large increases in staff, technical capabilities and equipment. But because much of the national infrastructure is in private hands, he noted, protecting it will require working with the private sector.

Still, the job starts with the government getting its own house in order, Chertoff stated. And the challenges there are significant. A key challenge, he said, is reducing the number of access points to government domains from the current several thousand to around 50. Another hurdle is maintaining consistently high protection policies across all federal domains; currently, only some government systems have 24/7 watch-and-response capabilities.

A third challenge is to increase the speed and scope of attack detection and response. The government's existing system looks at traffic entering the domains, analyzes it, contacts the appropriate agencies if attacks appear to be occurring, and attempts to identify the cities where the attacks are coming from in order to respond. But that won't be enough when attacks come in millisecond increments from around the globe, Chertoff observed. "I think we have the ability to detect what might be the signature of an attack before it's launched," he said.

Private-Sector Input Encouraged

Chertoff believes that several broader issues require attention as well. One is to ensure that the current system of global supply chains and development doesn't lead to the insertion of Trojan horses in equipment so as to compromise U.S. security. Another issue is to get more serious about internal security in order to, for example, minimize the loss of passwords for crucial systems. A third challenge is to make sure that private individuals have security as well, so that a mistake on their part doesn't bring them financial devastation.

The DHS's first job in making all of this happen is to gather the resources and expertise of all government agencies, Chertoff said, and to develop information and technology to both use internally and share with the private sector. In a follow-up press conference, Chertoff noted that this process would necessarily involve asking companies about their needs and concerns.

Chertoff also requested that executives at the conference encourage their best and brightest employees to work for the government in order to create a cross-fertilization that would benefit both sectors. He might want to start with a marketing officer to help him make that case.

Use of this site is governed by our Terms of Use and Privacy Policy.
Copyright 1996- Ziff Davis, LLC. All Rights Reserved.
Reproduction in whole or in part in any form or medium without express written permission
of Ziff Davis, LLC. is prohibited.PCMag Digital GroupAdChoice